My OperaThe My Opera forums have been replaced with forums.opera.com. Please head over there to discuss Opera's products and features
See the new ForumsYou need to be logged in to post in the forums. If you do not have an account, please sign up first.
XMLHttpRequest not honoring Access-Control-Allow-Origin
From an https://somedomain.com I am doing an XMLHttpRequest to http://somedomain.com/script.phpWith Access-Control-Allow-Origin header set to "https://somedomain.com" on the https side it works perfectly in FF and Chrome and many mobile browsers. (Except IE8 which decided to implement their own non-working standard).
IE at least throws an exception during the open() call if a cross domain call is attempted and FF/Chrome will do so if the Access-Control-Allow-Origin is not set correctly. However, Opera 11.51 performs the open just fine but then throws a security exception on the send call.
Any idea when this non-standard behavior will be fixed?
Reason for this use: login and credential verification is handled via https for security, however background updates to the web page do not require security and are performed every second or less which has unnecessary overhead if the https handshaking is included. None of the background update info needs to be secured as it is meaningless out of context.